I researched the security chapter of the cookbook, and the closest match is the part "How to Authenticate Users with API Keys". I'm not sure if it is possible to log in to synfony through a URL. I am trying to develop a service that permits login, and I want to use a URL like this:

mysite.com/login/user/password/token

Before writing the complete code, I tried to make a test to be sure that it works, and I pass my variables with their values in the same code in the controller:

$_username="user";
$_password="password";

$this->redirect($this->generateUrl('subscriber_login_check'));

if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
    $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
} else {
    $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
    $session->remove(SecurityContext::AUTHENTICATION_ERROR);
}

When I try to do this in the controller, I get the following error:

Unable to find the controller for path "/login_check/". Maybe you forgot to add the matching route in your routing configuration?

I don't know if I need to do something else in other files or if this is not possible to do.

Thank you

Zoltan Toth
  • Honestly, I'm not sure that's such a great way to do it. You'd be sending the password through GET, which isn't recommended, which is why it's probably hard finding examples. https://stackoverflow.com/questions/26671599/are-security-concerns-sending-a-password-using-a-get-request-over-https-valid – Dominick May 20 '15 at 22:09
  • I stopped reading at synfony. :) – Michael Villeneuve May 20 '15 at 23:01

1 Answer

I found a solution to implement my login with a URL like this: mysite.com/user/password.

This is the code:

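$var = 0; // fail closed: stays 0 unless the password check below succeeds
$path_info = $request->getPathInfo();
$router_parts = explode("/", $path_info);
// Path segments: /<username>/<password>; a missing segment becomes ""
$routerAux = isset($router_parts[1]) ? $router_parts[1] : "";
$routerAux2 = isset($router_parts[2]) ? $router_parts[2] : "";
if ($routerAux != "") {
    $_username = $routerAux;
    $user = $em->getRepository('myBundle:Entity')->findOneBy(array('field' => $_username));
    if ($user) {
        $token = new UsernamePasswordToken($user, $user->getPassword(), "public", $user->getRoles());
        if ($token) {
            if ($routerAux2 != "") {
                $_password = $routerAux2;
                $pass = $user->getPassword();
                $factory = $this->get('security.encoder_factory');
                $encoder = $factory->getEncoder($user);
                // Encode the submitted password with the user's stored salt
                $pass1 = $encoder->encodePassword($_password, $user->getSalt());
                // hash_equals() (PHP 5.6+) avoids the loose, numeric-string comparison of ==
                if (hash_equals((string) $pass, $pass1)) {
                    $var = 1;
                }
            }
        }
    }
}
return $this->render('Bundle:Pages:page.html.twig', array('var' => $var));
} // closes the enclosing controller action, whose header is not shown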

Basically, the service is implemented by sending the username and password in the URL. It first looks up the username in my database; then, if the user exists, it gets the password. Because the password is encrypted, it proceeds to encrypt the password value passed in the URL. Once that value is encrypted, a comparison between the two values is performed, returning true if both are equal and false if they are different.
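
The same lookup, encode and compare flow with the credentials taken from a POST body instead of the URL path, shown as an added example that is not part of the original answer. `StubEncoder`, `checkCredentials`, the in-memory `$users` table and all sample values are assumptions standing in for the Symfony encoder and the Doctrine repository.

```php
<?php
// Added example, not the answerer's code. StubEncoder is a hypothetical
// stand-in for the encoder returned by security.encoder_factory.
final class StubEncoder
{
    public function encodePassword($raw, $salt)
    {
        // Constructed scheme for this demo only; a real application keeps
        // using the encoder configured for its user class.
        return hash('sha512', $salt . '{' . $raw . '}');
    }
}

/**
 * Returns true only when $username exists and $raw matches its stored hash.
 * $users is a constructed in-memory table replacing the repository lookup.
 */
function checkCredentials(array $users, StubEncoder $encoder, $username, $raw)
{
    $known = is_string($username) && isset($users[$username]);
    // Unknown users are checked against a dummy record so that both
    // failure paths do the same work and return the same result.
    $record = $known
        ? $users[$username]
        : array('salt' => 'dummy-salt', 'hash' => str_repeat('0', 128));
    $candidate = $encoder->encodePassword((string) $raw, $record['salt']);
    // hash_equals() compares in constant time and never treats the two
    // strings as numbers, unlike the == operator.
    $match = hash_equals($record['hash'], $candidate);

    return $known && $match;
}

$encoder = new StubEncoder();
$users = array( // constructed sample user
    'alice' => array(
        'salt' => 'c0nstructed',
        'hash' => $encoder->encodePassword('s3cret', 'c0nstructed'),
    ),
);

// Constructed request body: the credentials travel in POST fields,
// so they never become part of the requested URL.
$post = array('_username' => 'alice', '_password' => 's3cret');

var_dump(checkCredentials($users, $encoder, $post['_username'], $post['_password']));
var_dump(checkCredentials($users, $encoder, 'alice', 'wrong'));
var_dump(checkCredentials($users, $encoder, 'nobody', 's3cret'));
```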